The U.S. Environmental Protection Agency (EPA) has recently expanded the scope of its routine sanitary surveys of public water systems (PWSs) to include cybersecurity considerations. This scrutiny was introduced in an EPA memorandum and a cybersecurity brief created for state officials. The EPA initially mandated that routine sanitary surveys include evaluations of a PWS's cybersecurity to spot deficiencies posing risks to public safety or water supply. The EPA has since withdrawn this memorandum due to court order, but remains committed to helping states protect their water systems, despite legal challenges to its formal mandate..
While these two documents released by the EPA have alerted PWSs to specific deficiencies, the responsibility of addressing and rectifying these deficiencies is still in the hands of the PWSs themselves. Addressing these challenges within the intricate frameworks of PWSs can be daunting. However, BlastWave’s targeted solution supports the EPA's guidance and offers a direct route to robust cybersecurity measures.
Before we delve deeper into the specifics of these supportive measures, it's worth understanding the EPA's initial cybersecurity checklist, which will highlight the potential concerns every PWS should consider.
The EPA's brief outlines a ten-question checklist for PWS cybersecurity. These questions span various aspects, from inventory management to executive involvement, offering a comprehensive evaluation of a PWS cybersecurity posture.
The EPA encourages states to voluntarily review these aspects to proactively identify potential vulnerabilities in public water system cybersecurity.
According to the EPA, any design, operational, or maintenance flaws in a system—including breakdowns or malfunctions—that posed a contamination risk to the water supply were classified as a “significant deficiency.”
In the realm of cybersecurity, significant deficiencies might refer to a lack of security measures or existing vulnerabilities that present a high likelihood of being exploited. This could manifest in various ways, from the absence of secure remote access controls to unpatched systems vulnerable to cyberattacks.
Although the recent withdrawal of EPA’s guidance has altered the formal role of states in identifying these deficiencies through sanitary surveys, the responsibility of PWSs remains unchanged. PWSs bear the duty of ensuring the safety of drinking water by identifying and addressing potential vulnerabilities in their systems.
Addressing these issues is an intricate task. The complexity of modern public water systems is evident with the intersection of OT and IT networks, creating a multi-layered ecosystem. This is further complicated by a mix of legacy and modern technologies, and the challenges of remote work dynamics in the current era, creating a web of potential cybersecurity risks.
BlastShield™ streamlines the process of securing the systems of a PWS by integrating multiple security controls into a unified solution.
Here’s how BlastShield helps:
With the heightened focus on the cybersecurity of PWSs, the importance of evolving cybersecurity measures has never been more pronounced. Tools like BlastShield stand out, offering solutions that cater not just to current needs but also to the rapidly changing landscape of threats.
It's not merely about adhering to safety suggestions—it's about envisioning a safer, more resilient public water system.
With BlastShield, integrating robust cybersecurity becomes part of a larger mission—a fortified, future-focused strategy that equally emphasizes business continuity. Now, more than ever, is the time to reassess and fortify your cybersecurity measures for long-term resilience.
Schedule A Demo: https://www.blastwave.com/schedule-a-demo
Experience the simplicity of BlastShield to secure your OT network and legacy infrastructure.